If you see NET::ERR_CERT_SYMANTEC_LEGACY error when accessing some sites such as Paypal you’re not alone. So in this post, we’re going to put some light on this error and ways to fix it.
Why this error occurs in the Chrome browser.
The reason behind this error is the Google Chrome browser because of ending support for Symantec SSL / TLS certificate. So it also includes all the companies under Symantec — Rapid SSL GeoTrust, VeriSign, Thawte, Verisign, Equifax, GeoTrust, and RapidSSL.
So if you open sites that have SSL from any company above — chrome browser render them insecure. Moreover, clicking the advanced button doesn’t help load the site.
Starting from Chrome 66 the support for Symantec certificates issued before June 1, 2016, will end with the following schedule:
- The Chrome ‘Canary’ line already ended supporting from January 20, 2018.
- Beta Chrome 66 from March 15th.
- Stable Chrome 66 ended support on April 17th.
If you are opening a site with Symantec certificate issued before June 1, 2016, and the owner didn’t replace or renewed certificate, this is what you’ll see on Chrome browser when you access the website.
The error above is described as NET::ERR_CERT_SYMANTEC_LEGACY, this site (paypal) is using Symantec certificate which is no longer supported by Chrome browser. Also starting with Chrome version 70, all Symantec certificates will stop working (also including those certificate issued after June 1 2016).
This is the timeline of the chrome version releases, that will stop Symantec SSL powered website to load on chrome from the following date.
- Chrome Canary version 70: July 20th,
- Chrome Beta version 70: September 13th
- Chrome stable version 70: October 16th
(According to the time of writing this) So as of now if you are using Chrome Stable or Beta release, you will not see this error unless a corresponding website’s certificate issued before July 2016.
If you are using Chrome Canary version 70, you will see that the websites like PayPal and Virtualbox don’t load giving the error.
To check if a site using Symantec SSL, proceed as follows.
- Open the site you want to visit where the error shows.
- Click on Not secure button in the address bar, right before domain name. And click Certificate (show certificate).
- Example: This is Paypal SSL issued by Symantec.
So it does mean that soon sites using SSL from Symantec will stop working on Google Chrome browser.
Please share it with your friends and let them know that their favorite sites like PayPal and Virtualbox.
How to fix NET::ERR_CERT_SYMANTEC_LEGACY
Option 1. Don’t use Chrome Canary as of Now.
It’s August roughly You have around 2 months if you are using Chrome stable version and one month for the beta version. For now, if you are using Chrome Canary I want to load website regardless of the Google’s action, you can switch to Chrome stable or beta version. Follow this link to install Chrome stable.
Option 2. Use a different browser.
This does not issue with other browsers, maybe others will follow Google’s decision such as Firefox and Opera. I tested such sites on Edge and Opera and they all loaded without issue.
If you want to load a specific site, You can use the inbuilt browser in Windows 10 which is edge Browser, there are other browsers as well on the internet some of them are open, providing from Opera Opera neon, Mozilla Firefox, Maxthon and the list goes on.
We also posted a similar topic, Browsers For Windows 10.
For Webmasters.
Replace your SSL certificate with the following.
Letsencrypt: Free SSL trusted by Chrome and all major browsers. We also use Letsencrypt on Quickfever, not because its free but also renewing it is as simple as typing 2 word command using Putty.
Some hosting companies pre-include it such as DigitalOcean allows you to install Letsencrypt easily. If you are using Serverpilot to manage your server, good news that you can find Letsencrypt there too, I also have a post to install Letsencrypt SSL on free ServerPilot account. However, these server manager sites offer it on their subscription plans such as runcloud.
And for paid SSL you can check out Comodo and Digicert.
This is what Google posted in a blog post.
At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web
Wrapping Up
Oh well, now you know that this is a Google initiative to end support for Symantec certificates and all companies under it. You can read more about it on the Google security blog. This is a good step and needed to happen as Symantec certificates don’t comply with the industry-developed CA/Browser Forum Baseline Requirements. I encountered this error since I’m Google canary user while opening PayPal- Chrome refused to load it. It took a while to figure out the reason behind it.